Reference content.document javascript var from sidebar
S.Hamel
check for the value of specific JavaScript variables.
>From the JS in the sidebar, I can get the value of
content.document.title, but how do I get the value of
content.document.someJavaScriptVariable?
Thanks!
mark bokil
You could use the windowmediator to get the main window.
const windowMediatorIID = Components.interfaces.nsIWindowMediator;
const windowMediator =
Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(windowMediatorIID);
const topWin = windowMediator.getMostRecentWindow("navigator:browser");
winTitle = topWin.document.title
Nickolay Ponomarev
And in case you missed it, global vars are properties of |window|, not
|document|.
Nickolay
Neil
>I want my sidebar to check the page being loaded in the main window and check for the value of specific JavaScript variables.
>
>
This can be accomplished via the |wrappedJSObject| property, but note
that despite the documentation I was reading claiming that it is only
unsafe to try to write the value of specific JavaScript variables, I
would avoid reading them too.
--
Warning: May contain traces of nuts.
Philip Chee
> S.Hamel wrote:
>> I want my sidebar to check the page being loaded in the main window and
>> check for the value of specific JavaScript variables.
>> >From the JS in the sidebar, I can get the value of
>> content.document.title, but how do I get the value of
>> content.document.someJavaScriptVariable?
> You could use the windowmediator to get the main window.
Err, he already *has* the main window. (content is magic).
Phil
--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]ERROR: Unable to come up with a good tagline.
* TagZilla 0.059
S.Hamel
your suggestion was the closest one to the answer. It took me a while
to figure out the details, so here's an example for the benefits of the
prosperity reading this newsgroup :)
var winWrapper = new XPCNativeWrapper(content);
var jso = winWrapper.wrappedJSObject;
alert("someJavaScriptVariable = ["+jso.someJavaScriptVariable+"]");
Nickolay Ponomarev
> Thanks Nickolay,
> your suggestion was the closest one to the answer. It took me a while
> to figure out the details, so here's an example for the benefits of the
> prosperity reading this newsgroup :)
>
> var winWrapper = new XPCNativeWrapper(content);
> var jso = winWrapper.wrappedJSObject;
> alert("someJavaScriptVariable = ["+jso.someJavaScriptVariable+"]");
>
Actually, just:
alert(content.wrappedJSObject.someJSVar);
but it is not recommended to do this on random webpages due to
security concerns.
Nickolay
>
> Nickolay Ponomarev wrote:
> > On 22 Nov 2006 19:33:45 -0800, S.Hamel <sham...@gmail.com> wrote:
> > > I want my sidebar to check the page being loaded in the main window and
> > > check for the value of specific JavaScript variables.
> > >
> > > >From the JS in the sidebar, I can get the value of
> > > content.document.title, but how do I get the value of
> > > content.document.someJavaScriptVariable?
> > >
> > http://developer.mozilla.org/en/docs/XPCNativeWrapper
> >
> > And in case you missed it, global vars are properties of |window|, not
> > |document|.
> >
> > Nickolay
>
> _______________________________________________
> dev-extensions mailing list
> dev-ext...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-extensions
>
Dirk Olbertz
> This can be accomplished via the |wrappedJSObject| property, but note
> that despite the documentation I was reading claiming that it is only
> unsafe to try to write the value of specific JavaScript variables, I
> would avoid reading them too.
Can you explain, why? What other way would there be to read a specific
JS var?
Thanks,
Dirk
Neil
>Neil,
>
>>This can be accomplished via the |wrappedJSObject| property, but note that despite the documentation I was reading claiming that it is only unsafe to try to write the value of specific JavaScript variables, I would avoid reading them too.
>>
>>
>Can you explain, why?
>
Fortunately I don't know the details of any relevant exploits. Obviously
an exploit is less likely if you check the page location first
(particularly if you limit it to a secure web site).
Dirk Olbertz
>
> >Can you explain, why?
> Fortunately I don't know the details of any relevant exploits. Obviously
> an exploit is less likely if you check the page location first
> (particularly if you limit it to a secure web site).
OK. In my case, I just check a variable, which will have some kind of
user_id (used by a blog counter, that users can install from my site).
I read that variable to let the user go to the profil page of that
user_id. The extension is just a shortcut for clicking the profil
button on the webpage. And there are some "invisible" buttons, so the
extension will give access to that users profil page through the
extension.
The profil is public anyway, so I don't really care about the content
of the JS variable.
Does this sound "safe"? You can have a look at the counter-code in the
source of http://olbertz.de/blog . Search for "blogscout" to see the
variable "blogcounter_client_id". When clicking on the extions icon,
the user is redirected to
http://blogscout.de/info/profil/<blogcounter_client_id>.
Thanks,
Dirk
Neil
>The profil is public anyway, so I don't really care about the content of the JS variable.
>
>
That's not the problem. Ideally you need to ensure that nothing bad
happens to your users if they click your button when visiting
http://malicious.site/
Dirk Olbertz
> Dirk Olbertz wrote:
> >The profil is public anyway, so I don't really care about the content of the JS variable.
> >
> That's not the problem. Ideally you need to ensure that nothing bad
> happens to your users if they click your button when visiting
> http://malicious.site/
OK. Thanks. So I will make sure the content is "well-formed" and does
not contain characters that I forbid to be there, when it's a regular
counter-code.
Regards,
Dirk